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BEGIN ^ 



LINE1 



DEFINE A MAP CALLED ARITH TO PERFORM 
ARITHMETIC OPERATIONS. 






DEFINE A CLASS {TLS} WHICH CONTAINS VERIFY 
AND ENCR AS ELEMENTS. 




r 



LINES 



LINE 15 



DEFINE A RULESET CALLED LOOKUPDOMAIN WHICH 
HAS FOUR PARAMETERS ALL OF WHICH ARE INCLUDED 
IN ANGLE BRACKETS: 

1: KEY (DOMAIN NAME, I.E., A NAME LIKE H0ST.EXAMPLE.COM) 
2: DEFAULT (WHAT TO RETURN IF NOT FOUND IN ACCESS MAP) 
3: PASSTHRU (ADDITIONAL DATA PASSED UNCHANGED THROUGH) 
4: MARK TAG 
WHERE MARK IS: ! DOES LOOKUP ONLY WITH TAG 
OR: + DOES LOOKUP WITH AND WITHOUT TAG 



LINE 16 



IF THE KEY IS OF THE FORM [IPV6 ...] THEN REMOVE IPV6 
AND TRANSFORM THE VALUE INTO A TOKEN USABLE BY 
SENDMAIL (USING THE DEQUOTE MAP WHICH REMOVES 
QUOTES FROM STRINGS). 



LINE 17 



LOOKUP THE KEY IN THE ACCESS MAP WITH A LEADING 
TAG AS GIVEN IN THE FOURTH ARGUMENT. IF THE KEY IS 
NOT FOUND IN THE MAP, THE FIRST ELEMENT OF THE 
NEW WORK SPACE WILL BE <?>. 



LINE 20 



IF THE M4 MACRO _FFR_LOOKUPDOTDOMAIN IS DEFINED 
THEN OMIT THE FIRST COMPONENT OF THE KEY AND 
LOOKUP .REST WITH A LEADING TAG AS GIVEN IN THE 
LAST ARGUMENT. 



CONTINUE TO 
FIG. 48 



F/G. Ak 



SENDMAIL, INC. 

SMI/Da)3.02 
SHEET "of [7^ 



CONTINUE FROM 
FIG. 4A 



LINE 21 



IF THE MARK IS '+' THEN LOOKUP JUST THE KEY 
(WITHOUT THE TAG). 



LINE 23 



IF THE M4 MACRO _FFR_LOOKUPDOTDOMAIN IS DEFINED 
AND THE MARK IS V THEN OMIT THE FIRST COMPONENT 
OF THE KEY AND LOOKUP .REST. 



LINE 24 



IF THE KEY IS OF THE FORM [1.2.3.4] (I.E., AN IPV4 ADDRESS), 
THEN OMIT THE LAST COMPONENT (THE LEAST SIGNIFICANT 
PART) AND RECURSIVELY CALL LOOKUPDOMAIN AGAIN. 



LINE 25 



IF THE KEY IS OF THE FORM [1 :2:3:4:6:7:8] (I.E., AN IPV6 
ADDRESS), THEN OMIT THE LAST COMPONENT (THE 
LEAST SIGNIFICANT PART) AND RECURSIVELY CALL 
LOOKUPDOMAIN AGAIN. 







IF THE KEY IS OF THE FORM FIRST.REST THEN OMIT THE 
FIRST COMPONENT (THE LEAST SIGNIFICANT PART) AND 
RECURSIVELY CALL LOOKUPDOMAIN AGAIN. 






NOTHING HAS BEEN FOUND AND THE KEY CONSISTS ONLY 
OF A SINGLE COMPONENT STOP LOOKUP AND RETURN 
<DEFAULT><PASSTHRU> 




r 


SOMETHING HAS BEEN FOI 
(RHS) OF THE LOOKUP AN 


UND: RETURN THE RESULT 
D THE PASSTHRU VALUE. 



LINE 27 



LINE 29 



LINE 31 



CONTINUE TO 
FIG. 40 
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CONTINUE FROM 




FIG. 4B 



LINE 43 



DEFINE A RULESET CALLED LOOKUPADDRESS WHICH 
HAS FOUR PARAMETERS ALL OF WHICH ARE INCLUDED 
IN ANGLE BRACKETS: 



1 : KEY (DOT QUADDED HOST ADDRESS) 

2: DEFAULT (WHAT TO RETURN IF NOT FOUND IN ACCESS MAP) 

3: PASSTHRU (ADDITIONAL DATA PASSED UNCHANGED THROUGH) 

4: MARK TAG 
WHERE MARK IS: ! DOES LOOKUP ONLY WITH TAG 
OR: + DOES LOOKUP WITH AND WITHOUT TAG 







— LINE 44 


LOOKUP THE KEY IN THE ACCESS MAP WITH A LEADING 
TAG AS GIVEN IN THE FOURTH ARGUMENT IF THE KEY IS 
NOT FOUND IN THE MAP, THE FIRST ELEMENT OF THE NEW 
WORK SPACE WILL BE <?>. 








— LINE 45 


IF THE MARK IS V THEN LOOKUP JUST THE KEY 
(WITHOUT THE TAG). 








— LINE 46 



IF THE KEY IS OF THE FORM 1:2:3:4:6:7:8 (I.E., AN IPV6 
ADDRESS), THEN OMIT THE LAST COMPONENT (THE LEAST 
SIGNIFICANT PART) AND RECURSIVELY CALL 
LOOKUPADDRESS AGAIN. 



IF THE KEY IS OF THE FORM 1.2.3.4 (I.E., AN IPV4 ADDRESS), 
THEN OMIT THE LAST COMPONENT (THE LEAST SIGNIFICANT 
PART) AND RECURSIVELY CALL LOOKUPADDRESS AGAIN. 



LINE 47 



CONTINUE TO 
FIG. 40 
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CONTINUE FROM 
FIG. 4C 

r 


NOTHING HAS BEEN FOUND AND THE KEY CONSISTS ONLY 
OF A SINGLE COMPONENT STOP LOOKUP AND RETURN 
<DEFAULT> <PASSTHRU> 






SOMETHING HAS BEEN FOUND: RETURN THE RHS OF THE 
LOOKUP AND THE PASSTHRU VALUE. 







LINE 48 



LINE 49 



iJl 
IB 



LINE 55 



DEFINE A RULESET CALLED TLS_CLIENT WHICH IS CALLED 
WHENEVER SENDMAIL CONNECTS TO A CLIENT TO SEND 
AN E-MAIL. THIS RULESET RECEIVES AS INPUT THE VALUE 
OF THE MACRO {VERIFY} AND EITHER MAIL OR STARTTLS AS 
SECOND ARGUMENT 







THE RULES IN LINE 59 TO 63 ARE ACTIVE IF THE ACCESS 
MAP IS SELECTED (M4 MACRO ACCESS TABLE ). 
OTHERWISE THE RULE IN LINE 64 IS ACTIVE. 






LOOKUP THE NAME OF THE CLIENT USING LOOKUPDOMAIN 
AND TLS.CLT AS REQUIRED TAG. 






IF THE PREVIOUS LOOKUP DIDNT SUCCEED, LOOKUP THE 
IP ADDRESS OF THE CLIENT USING LOOKUPADDRESS AND 
TLS CLT AS REQUIRED TAG. 




r 


IF THE PREVIOUS LOOKUPS 
TLS.CLTINTHi 


.DIDN'T SUCCEED, LOOKUP 
E ACCESS MAR 



LINE 56 



LINE 59 



LINE 60 



LINE 62 



CONTINUE TO 
FIG. 4E 
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CONTINUE FROM 




FIG. 4D 



CALL THE RULESET TLS CONNECTION. 



DEFINE A RULESET CALLED TLS.SERVER WHICH IS 
CALLED WHENEVER SENDMAIL SENDS E-MAIL TO A SERVER. 
THIS RULESET RECEIVES AS INPUT THE VALUE OF THE 
MACRO {VERIFY}. 



THE RULES IN LINE 72 TO 76 ARE ACTIVE IF THE ACCESS 
MAP IS SELECTED (M4 MACRO _ACCESS_TABLE_), 
OTHERWISE THE RULE IN LINE 77 IS ACTIVE. 



LOOKUP THE NAME OF THE SERVER USING LOOKUPDOMAIN 
AND TLS_SRV AS REQUIRED TAG. 



IF THE PREVIOUS LOOKUP DIDNT SUCCEED, LOOKUP THE 
IP ADDRESS OF THE SERVER USING LOOKUPADDRESS AND 
TLS SRV AS REQUIRED TAG. 



IF THE PREVIOUS LOOKUPS DIDNT SUCCEED, LOOKUP 
TLS.SRV IN THE ACCESS MAP 



CALL THE RULESET TLS.CONNECTION. 




CONTINUE TO 




FIG. 4F 
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CONTINUE FROM 
FIG. 4E 



DEFINE A RULESET TLS.CONNECTION WHICH RECEIVES AS 
INPUT THE VALUE OF THE MACRO {VERIFY} AND THE RESULT 
OF THE LOOKUP IN THE ACCESS MAP AND AN OPTIONAL <> 



THE RULES IN LINE 84 T0 129 ARE ACTIVE IF THE ACCESS 
MAP IS SELECTED (M4 MACRO _ACCESS_TABLE_), 
OTHERWISE THE RULE IN LINE 132 IS ACTIVE. 



REMOVE OPTIONAL <> 



IF THE RESULT OF THE LOOKUP STARTS WITH PERM+, ADD 
<503:5.7.0> TO THE WORKSPACE. 



IF THE RESULT OF THE LOOKUP STARTS WITH TEMP+, 
ADD <403:4.7.0> TO THE WORKSPACE. 



DEPENDING ON THE M4 MACRO TLS_PERM_ERR ADD 
EITHER <403:4.7.0> OR <503:5.7.0> TO THE WORKSPACE. 



IF THE VALUE OF THE MACRO {VERIFY} IS SOFTWARE, 
RETURN AN ERROR, BECAUSE THE TLS HANDSHAKE 
FAILED (REQUIRED BY THE PROTOCOL) USING THE ERROR 
CODE SELECTED BEFORE. 



CONTINUE TO 
FIG. 4G 



LINE 79 



LINE 80 



LINE 84 



LINE 86 



LINE 87 



LINE 89 



LINE 91 



FIG. 4F 
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CONTINUE FROM 
FIG. 4F 



IF THE VALUE OF THE MACRO {VERIFY} IS SOFTWARE BUT NO 
ERROR CODE HAS BEEN SELECTED BEFORE. RETURN AN 

ERROR, BECAUSE THE TLS HANDSHAKE FAILED (REQUIRED 

BY THE PROTOCOL). THE ERROR DEPENDS ON THE M4 
MACRO TLS_PERM_ERR AS EXPLAINED BEFORE (LINE 89). 



IF THE RESULT OF THE ACCESS MAP LOOKUP IS VERIFY, 
USE THIS FOR FURTHER TESTS. 

IF THE RESULT OF THE ACCESS MAP LOOKUP IS VERIFY:BITS 
OR ENCR:BITS, USE THIS FOR FURTHER TESTS. 



IF THE RESULT OF THE LOOKUP IS VERIFY AND VALUE OF 
THE MACRO (VERIFY) IS OK, THEN STOP AND RETURN OK. 



LINE 94 



LINE 95 







IF NEITHER OF THE PREVIOUS TWO TESTS SUCCEEDS 
(SOMETHING ELSE HAS BEEN RETURNED BY THE LOOKUP) 
STOP NOW, RETURN OK. 







LINE 99 



LINE 104 



LINE 106 



IF THE RESULT OF THE LOOKUP IS VERIFY:BITS AND THE 
VALUE OF THE MACRO {VERIFY} IS OK, THEN TRANSLATE 
THIS INTO REQ:BITS. 






IF THE RESULT OF THE LO 
TRANSLATE THIJ 


OKUP IS ENCR:BITS, THEN 
> INTO REQ:BITS. 



LINE 108 



CONTINUE TO 
FIG. 4H 
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CONTINUE FROM 
FIG. 4G 



IF THE RESULT OF THE LOOKUP IS VERIFY (WITH OPTIONAL 

:BITS), THEN RETURN AN APPROPRIATE ERROR CODE 
BECAUSE THE VALUE OF THE MACRO {VERIFY} IS NOT OK 
(SEE LINE 104 AND 106). 



CALL THE RULESET MAX TO COMPUTE THE MAXIMUM OF 
{CIPHER.BITS} AND {AUTH.SSF}. 



IF THE REQUIRED KEY LENGTH (:BITS) IS GREATER THAN 
THE USED KEY LENGTH, TRANSFORM THE WORK SPACE 

TO TRUE. 



IF THE WORK SPACE CONTAINS TRUE (FROM THE PREVIOUS 
RULE), THE PROVIDED ENCRYPTION IS TOO WEAK: RETURN 

AN ERROR. 



DEFINE A RULESET CALLED MAX, WHICH GETS TWO 
ARGUMENTS SEPARATED BY A COLON. 



IF BOTH ARGUMENTS ARE EMPTY, RETURN 0. 



IF THE FIRST ARGUMENT IS EMPTY, RETURN THE SECOND. 
IF THE SECOND ARGUMENT IS EMPTY, RETURN THE FIRST 



CONTINUE TO 
FIG. 41 



LINE 110 TO 115 



LINE 117 



LINE 119 



■LINE 120 



LINE 122 



■LINE 124 



■LINE 125 



FIG. 4H 
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CONTINUE FROM 
FIG. 4H 


COMPARE THE FIRST AND THE SECOND ARGUMENT IF THE 
FIRST IS LESS THAN THE SECOND. PUT TRUE IN FRONT OF 
THE WORKSPACE. 






IF THE FIRST ARGUMENT IS LESS THAN THE SECOND, 
RETURN THE SECOND. 






OTHERWISE RETURN THE FIRST ARGUMENT 






IF THE ACCESS MAP IS NOT USED AND THE VALUE OF THE 

MACRO {VERIFY} IS SOFTWARE, RETURN AN ERROR, 
BECAUSE THE TLS HANDSHAKE FAILED (REQUIRED BY THE 
PROTOCOL). THE ERROR DEPENDS ON THE M4 MACRO 
TLS PERM ERR AS EXPLAINED BEFORE (LINE 89). 







LINE 127 



DONE ^ 



FIG. 41 



